The use of the Internet as a distribution medium for copyrighted content has created the challenge to secure the interests of the content provider. In particular it is required to warrant the copyrights and business models of the content providers. Increasingly, consumer electronics platforms are operated using a processor loaded with software. Such software may provide the main part of the functionality for rendering (playback) of digital content, such as audio and/or video. One way to enforce the interests of the content owner including the terms and conditions under which the content may be used, is by having control over the playback software. Where traditionally many consumer electronics platforms implemented in for example televisions or DVD players used to be closed, nowadays more and more platforms at least partially are open. This applies in particular to the PC platform, because some users may be assumed to have complete control over the PC hardware and software that provides access to the content. Also, users may be assumed to have a large amount of time and resources to attack and bypass any content protection mechanisms. As a consequence, content providers must deliver content to legitimate users across an insecure network and to a community where not all users or devices can be trusted.
Digital rights management systems often use encryption methods to prevent unauthorized use of content and/or digital signature methods to enable tracking the source of illegally distributed content. One of the issues arising in digital rights management is that the software code that enforces the terms and conditions under which the content may be used must not be tampered with.
Two areas of vulnerability of digital rights management relying on encryption are the software components which enforce the terms and conditions under which the content may be used, and the key distribution and handling. An attacker aiming to remove the enforcement of the terms and conditions may attempt to achieve this through tampering of the program code comprised in the software components. In relation to key handling, for playback a media player has to retrieve a decryption key from a license database. It then has to store this decryption key somewhere in memory for the decryption of the encrypted content. This provides an attacker with two options for an attack on the key. Firstly, reverse engineering of the license database access function could result in black box software (i.e., the attacker does not have to understand the internal workings of the software function), allowing the attacker to retrieve asset keys from all license databases. Secondly, by observation of the accesses to memory during content decryption, it may be possible to retrieve the asset key. In both cases the key is considered to be compromised.
Tamper-resistant software denotes software that has special features to complicate goal-directed tampering. Various techniques for increasing the tamper resistance of software applications exist. Most of these techniques are based on hiding the embedded knowledge of the application by adding a veil of randomness and complexity in both the control and the data path of the software application. The idea behind this is that it becomes more difficult to extract information merely by code inspection. It is therefore more difficult to find the code that, for example, handles access and permission control of the application, and consequently to change it. However, these techniques for increasing the tamper resistance of software applications are not always satisfactory.